NetBSD/pkgsrc 9SrgmaRwww/py-nbconvert distinfo Makefile

   py-nbconvert: updated to 7.17.1

   7.17.1

   This is a security release, fixing two CVEs:

   - [CVE-2026-39377](https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg)
   - [CVE-2026-39378](https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9)

   (full advisories will be published seven days after release, on 2026-04-14).

   Enhancements made

   - Allow configureable WebPDF JavaScript processing timeout

   Bugs fixed

   - Fix `PermissionError` when checking template paths on shared filesystems
   - Tweak webpdf template logic to fix duplicate extension problem
VersionDeltaFile
1.32+4-4www/py-nbconvert/distinfo
1.42+2-2www/py-nbconvert/Makefile
+6-62 files

NetBSD/pkgsrc VAPylR0doc CHANGES-2026

   doc: Updated mail/neomutt to 20260504
VersionDeltaFile
1.2802+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc OGkrVSjmail/neomutt Makefile distinfo

   neomutt: update to 20260504.

   2026-05-04  Richard Russon  \<rich at flatcap.org\>
   * Security
     - Fix GSSAPI buffer underflow on short unwrapped tokens
     - Reject percent-encoded NUL bytes in URL decoding
     - Skip CN fallback when SAN dNSName entries exist (RFC6125)
     - Cap POP3 UIDL responses to prevent OOM from a malicious server
     - Harden POP host URL copy
   * Bug Fixes
     - #4836 imap: fix memory leak in `msg_parse_flags`
     - #4849 Fix memmove in `mutt_str_expand_tabs`
     - #4850 IMAP: enhance stability with re-entrancy protection and reconnection fixes
     - #4852 Say which mailcap field we are looking for
     - #4853 Don't overwrite content_type
     - pager: fix crash on `uncolor *`
     - pager: fix wrong line index in signature syntax realloc
     - pager: fix OOB read on short log lines in `display_line()`
     - pager: fix off-by-one in newline restoration

    [5 lines not shown]
VersionDeltaFile
1.121+3-6mail/neomutt/Makefile
1.92+4-4mail/neomutt/distinfo
+7-102 files

NetBSD/pkgsrc EYxgpqXdoc CHANGES-2026

   doc: Note remove of www/ruby-rails61 and related pacakges.

        www/ruby-rails61
        textproc/ruby-actiontext61
        devel/ruby-railties61
        www/ruby-actioncable61
        mail/ruby-actionmailbox61
        mail/ruby-actionmailer61
        devel/ruby-activestorage61
        databases/ruby-activerecord61
        www/ruby-actionpack61
        www/ruby-actionview61
        devel/ruby-activejob61
        devel/ruby-activemodel61
        devel/ruby-activesupport61
VersionDeltaFile
1.2801+14-1doc/CHANGES-2026
+14-11 files

NetBSD/pkgsrc 4RisyFJlang/ruby rails.mk

   lang/ruby: remove rails61 support
VersionDeltaFile
1.190+5-8lang/ruby/rails.mk
+5-81 files

NetBSD/pkgsrc lr4jZbSdatabases Makefile, devel Makefile

   www/ruby-rails61: remove related packages

   Ruby on Rails 6.1 EOL since 2024-10-23 and it was kept for Redmine 5.1.
VersionDeltaFile
1.4627+1-6devel/Makefile
1.1917+1-5www/Makefile
1.691+1-3mail/Makefile
1.748+1-2databases/Makefile
1.1588+1-2textproc/Makefile
1.25+1-1www/ruby-rails61/distinfo
+6-1952 files not shown
+44-5758 files

NetBSD/src yPsqRtZsys/arch/hppa/dev hyperfb.c

   explain what we do with the overlay these days
   NFC
VersionDeltaFile
1.34+12-5sys/arch/hppa/dev/hyperfb.c
+12-51 files

NetBSD/pkgsrc 0V6QdTPdoc CHANGES-2026

   Updated devel/py-dulwich, www/py-zope.proxy
VersionDeltaFile
1.2800+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 8f5SEc8www/py-zope.proxy distinfo Makefile

   py-zope.proxy: updated to 7.2

   7.2 (2026-04-30)

   - Add support for automatically building and publishing Windows/ARM64 wheels.
   - Add support for automatically building and publishing source distributions.
VersionDeltaFile
1.15+4-4www/py-zope.proxy/distinfo
1.21+2-2www/py-zope.proxy/Makefile
+6-62 files

NetBSD/pkgsrc ZHRRzhhdevel/py-dulwich distinfo Makefile

   py-dulwich: updated to 1.2.1

   1.2.1   2026-04-29

   * Derive the LFS endpoint as the remote's on-disk LFS store
     (``<remote>/.git/lfs`` for worktrees, ``<remote>/lfs`` for bare repos)
     when ``remote.origin.url`` points at a local filesystem path or
     ``file://`` URL, matching git-lfs behaviour. Previously the built-in
     smudge filter constructed an HTTP-style ``<remote>.git/info/lfs`` path
     that did not exist on disk, leaving LFS-tracked files as pointers when
     cloning from a local repo.

   * Deduplicate objects when writing a multi-pack-index. Objects present
     in multiple packs (e.g. after ``git gc`` creates a cruft pack) would
     otherwise produce an OIDL chunk with repeated SHAs, causing ``git
     multi-pack-index verify`` to fail with "oid lookup out of order".

   * Extend ignorecase and precomposeunicode support to index lookups.
VersionDeltaFile
1.74+4-4devel/py-dulwich/distinfo
1.79+2-2devel/py-dulwich/Makefile
+6-62 files

NetBSD/pkgsrc J3oZq1odoc CHANGES-2026

   Updated security/libjwt, net/libtorrent, net/rtorrent
VersionDeltaFile
1.2799+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc b1I88Ggnet/libtorrent distinfo Makefile, net/rtorrent distinfo Makefile

   libtorrent rtorrent: updated to 0.16.11

   0.16.11
   Minor bug fixes which should mark this as the stable release in the near future.
VersionDeltaFile
1.58+4-4net/rtorrent/distinfo
1.62+4-4net/libtorrent/distinfo
1.123+2-2net/rtorrent/Makefile
1.86+2-2net/libtorrent/Makefile
+12-124 files

NetBSD/pkgsrc T926URHsecurity/libjwt distinfo Makefile

   libjwt: updated to 3.3.3

   3.3.3
   Bug fixes
VersionDeltaFile
1.9+4-4security/libjwt/distinfo
1.10+2-2security/libjwt/Makefile
1.7+2-2security/libjwt/PLIST
+8-83 files

NetBSD/src oCKtRyusys/arch/m68k/m68k pmap_68k.c

   Make sure the start and end of the PT page ranges are aligned to the
   size of what's addressable by a single PT page, thus ensuring we count
   them up correctly.
VersionDeltaFile
1.59+9-6sys/arch/m68k/m68k/pmap_68k.c
+9-61 files

NetBSD/pkgsrc DrPsTmGdoc CHANGES-2026

   Updated devel/ccache, devel/libgit2
VersionDeltaFile
1.2798+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc gZW9Dncdevel/libgit2 distinfo Makefile

   libgit2: updated to 1.9.3

   v1.9.3

   This release includes a number of bugfixes and compatibility
   improvements, particularly around SHA256 support.

   * cmake: fix linker error when using ninja build generator by
     @kcsaul in https://github.com/libgit2/libgit2/pull/7249
   * Handle redirects with Content-Length: 0 correctly by
     @ethomson in https://github.com/libgit2/libgit2/pull/7246
   * ci: use poxygit v0.8.1 in the tests by @ethomson in
     https://github.com/libgit2/libgit2/pull/7248
   * Zero indexer stats in pack objects by @ethomson in
     https://github.com/libgit2/libgit2/pull/7243
   * submodule: git_index_add_bypath does not move conflict entries
     to REUC by @lrm29 in https://github.com/libgit2/libgit2/pull/7003
   * fix: prevent SSH timeout infinite loop and enable TCP keepalive
     by @ambv in https://github.com/libgit2/libgit2/pull/7165

    [85 lines not shown]
VersionDeltaFile
1.46+4-4devel/libgit2/distinfo
1.99+2-3devel/libgit2/Makefile
+6-72 files

NetBSD/pkgsrc jTtkksHdevel/ccache distinfo Makefile

   ccache: updated to 4.13.6

   Ccache 4.13.6

   Bug fixes and improvements

   Fixed a potential manifest/result cache key collision in MSVC depend mode when compiling a source file with no included files.

   Improved robustness when parsing cache entry data structures.

   Test improvements

   Changed the remote_helper test suite to skip gracefully when the storage test helper is unavailable, avoiding failures when testing a system-installed ccache.
VersionDeltaFile
1.76+4-4devel/ccache/distinfo
1.96+2-2devel/ccache/Makefile
+6-62 files

NetBSD/pkgsrc EilsCwUdoc CHANGES-2026

   doc: Updated audio/fasttracker2 to 2.19
VersionDeltaFile
1.2797+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 3wdMawbaudio/fasttracker2 distinfo Makefile

   audio/fasttracker2: Update to 2.19

   Changes since 2.18:

   v2.19 - 03.05.2026
     * Set audio input/output device to default during config reset
     * If audio input device was set to default, properly open default
       audio input device before sampling audio.
VersionDeltaFile
1.134+4-4audio/fasttracker2/distinfo
1.150+2-2audio/fasttracker2/Makefile
+6-62 files

NetBSD/src KD4gVugsys/arch/m68k/m68k pmap_68k.c

   In pmap_bootstrap1(), check to see if FIXEDVA entries in machine_bootmap[]
   are covered by any existing page table range, and if not, allocate additional
   page table ranges to cover them.

   This does not impact the one current user of FIXEDVA -- hp300 -- which
   uses it to map the last page of RAM VA==PA.  In the hp300 case, this
   was already covered by the PTs that map the alternate SYSMAP_VA that
   the hp300 uses (precisely because it needs the last VA==PA mapping).

   This will eventually be used to map the I/O region VA==PA for mac68k.
   Normally, we might otherwies use a TT register for that, but mac68k
   runs on 68020s, so we cannot.
VersionDeltaFile
1.58+58-12sys/arch/m68k/m68k/pmap_68k.c
+58-121 files

NetBSD/src f8875dSsys/arch/m68k/include vmparam.h

   Fix snafu with 68010 page size.
VersionDeltaFile
1.10+9-8sys/arch/m68k/include/vmparam.h
+9-81 files

NetBSD/pkgsrc lOyvkwfdoc TODO

   doc/TODO: apache and postfix updated

   - apache-2.4.67, postfix-3.11.2.
VersionDeltaFile
1.27206+1-3doc/TODO
+1-31 files

NetBSD/pkgsrc EgEdf9Tdoc CHANGES-2026

   doc: Updated www/apache24 to 2.4.67
VersionDeltaFile
1.2796+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc i3rrmntwww/apache24 distinfo PLIST, www/apache24/patches patch-ae patch-configure

   www/apache24: update to 2.4.67

   Changes with Apache 2.4.67 (2026-05-04)

   * SECURITY: CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap
     Over-Read and memory disclosure in ajp_parse_data() (cve.mitre.org)
     Buffer Over-read vulnerability in Apache HTTP Server.  This issue affects
     Apache HTTP Server: through 2.4.66.  Users are recommended to upgrade to
     version 2.4.67, which fixes the issue.  Credits: Elhanan Haenel

   * SECURITY: CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer
     Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
     (cve.mitre.org) Improper Null Termination, Out-of-bounds Read
     vulnerability in Apache HTTP Server.  This issue affects Apache HTTP
     Server: through 2.4.66.  Users are recommended to upgrade to version
     2.4.67, which fixes the issue.  Credits: Tianshuo Han
     (<hantianshuo233 at gmail.com>)

   * SECURITY: CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP

    [102 lines not shown]
VersionDeltaFile
1.71+7-7www/apache24/distinfo
1.2+6-4www/apache24/patches/patch-ae
1.39+3-5www/apache24/PLIST
1.6+4-4www/apache24/patches/patch-configure
1.143+2-3www/apache24/Makefile
1.3+3-1www/apache24/patches/patch-ad
+25-246 files

NetBSD/pkgsrc oLA86yjdoc CHANGES-2026

   doc: update mail/postfix and related apckages to 3.11.2

        mail/postfix
        mail/postfix-cdb
        mail/postfix-ldap
        mail/postfix-lmdb
        mail/postfix-mysql
        mail/postfix-pcre
        mail/postfix-pgsql
        mail/postfix-sqlite
VersionDeltaFile
1.2795+9-1doc/CHANGES-2026
+9-11 files

NetBSD/pkgsrc h4oTRLCmail/postfix distinfo Makefile.common, mail/postfix/patches patch-ai patch-ag

   mail/postfix: update to 3.11.2

   Postfix 3.11.2 (2026-05-03)

   Fixed in Postfix 3.11:

     * Bugfix (defect introduced: Postfix 3.11): the proxymap(8) daemon
       dereferenced an uninitialized pointer after a request protocol
       error. This daemon is not exposed to local or remote users.
       Found by Claude Opus 4.6.

     * Bugfix (defect introduced: 20260309) a change, to set the
       service_name default value to "amnesiac", violated a test that
       parameter names in postconf output must match 1:1 with parameter
       names in the postlink script.

   Fixed in Postfix 3.8, 3.9, 3.10. 3.11:

     * Portability: support for recent FreeBSD, NetBSD, and OpenBSD

    [25 lines not shown]
VersionDeltaFile
1.48+42-11mail/postfix/patches/patch-ai
1.43+8-12mail/postfix/patches/patch-ag
1.223+6-6mail/postfix/distinfo
1.64+2-2mail/postfix/Makefile.common
+58-314 files

NetBSD/pkgsrc AXARrdcdoc CHANGES-2026

   doc: Updated geography/pdal-lib to 2.10.1
VersionDeltaFile
1.2794+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc R2Pskuugeography/pdal-lib PLIST distinfo, geography/pdal-lib/patches patch-cmake_macros.cmake

   geography/pdal-lib: Update to 2.10.1

   Upstream does not publish NEWS.  Their release notes contain the
   following particularly NEWS-worthy items, plus many bug fixes and
   minor improvements.

   * 2.10.0

     * readers.spz and writers.spz are now plugins by @ibell13 in #4755

   * 2.9.0

     * support for GDAL VSI
     * support for FileSpec
     * remove nlohmann public API (from PDAL API)
     * Multi-thread support, where query, and new options for pdal tindex
VersionDeltaFile
1.5+25-14geography/pdal-lib/PLIST
1.8+4-5geography/pdal-lib/distinfo
1.50+2-3geography/pdal-lib/Makefile
1.2+1-1geography/pdal-lib/patches/patch-cmake_macros.cmake
+32-234 files

NetBSD/src 38AsrADsys/arch/riscv/include proc.h

   Two issues:
   - Always include vmparams.h via <machine/vmparams.h>, because redirection
     logic elsewhere relies on this.
   - But akshually, isn't not even needed here because the code that would
     use it is #if 0'd out anyway.

   So, collect the garbage and ramble on.
VersionDeltaFile
1.7+1-9sys/arch/riscv/include/proc.h
+1-91 files

NetBSD/pkgsrc Ne71xkodoc CHANGES-2026

   doc: Updated x11/mlterm to 3.9.4nb7
VersionDeltaFile
1.2793+2-1doc/CHANGES-2026
+2-11 files